Nos formations DNS / IPv6 Nos formations DNS / IPv6

Securing your DNS infrastructure with DNSSEC

Home > Products and services > Training > Securing your DNS infrastructure with DNSSEC

The DNS is a strategic infrastructure, since all internet services for companies, associations and public organisations depend on it. Implementing DNSSEC allows you to secure this infrastructure.

Description and aims of the training course

This training course will enable you to put this delicate technology in place and protect yourself against any problems that might penalise your activities:

  • Assess the benefits of deploying DNSSEC in your environment
  • Acquire technical knowledge of DNSSEC
  • Configure the installation of a validating DNSSEC resolver (Unbound)
  • Construct a DNSSEC infrastructure with OpenDNSSEC and manage the keys and BIND to serve the signed zones

Duration
2 days

Target audience
All professionals in the domain name industry

Prerequisites 

  • Knowledge of the basics of the DNS
  • Familiarity with the UNIX operating system and the TCP/IP network protocols
  • At least one year’s experience in the domain name administration business

Trainer
Stéphane Bortzmeyer, Afnic DNS expert

Training location
Face-to-face at your offices or remotely
Find practical information on how to get to our offices.

Assessment
Final assessment of the training course will be in the form of a multiple-choice questionnaire.

Cost
Contact us for a quotation.

Our experts can adapt to your needs and design a custom training course.

formation@afnic.fr

Training programme 

Day 1 – Morning: Reminder of the basics

  • Functioning of the DNS
  • Security of the DNS and associated risks
  • Cryptography 
  • Contributions of DNSSEC

Day 1 – Afternoon: Presentation of DNSSEC

  • Keys and DNSKEY records
  • Signing of records
  • Secure delegation
  • Proof of non-existence: NSEC and NSEC3 records

Day 2 – Morning: DNSSEC in practice

  • Protocol details 
    • DO bit and transport (EDNS)
    • Problems associated with firewalls
  • Creation of a zone signed manually
    • Validation using Unbound
    • Verifying with DIG and DELV
    • Identifying the causes of a problem
    • Performing tests with Zonemaster and DNSVIZ
  • Delegation of a zone
  • Renewal of keys

Day 2 – Afternoon: Practical exercises and feedback

  • Creation of a signed zone with OpenDNSSEC
  • DNSSEC feedback
    • In the root zone
    • For Top-Level Domains
    • Ordinary zones signed
    • Storage of keys and HSMs
    • Frequently encountered operational problems

If anyone participating in the training course has a disability, please contact us on +33 (0)1 39 30 83 59 so we can make suitable arrangements.

For more information and dates of upcoming training sessions:

Contact us

Date of last update: January 18, 2021